Google Releases Chrome 19 with 19 Security Fixes

(LiveHacking.Com) – The development of Google’s Chrome browser continues at a fast pace. Just six weeks after the release of Chrome 18, Google have now released Chrome 19. It boasts a new tab synchronization feature along with 19 security related fixes. None of the fixes in this new release are rated Critical but there are seven High severity fixes. High severity, according to Google’s definition, means that the vulnerability lets a hacker read or modify confidential data belonging to other web sites or lets an attacker execute arbitrary code within the confines of the Chrome sandbox. Vulnerabilities that interfere with browser security features are also considered High severity.

Four of the seven High severity issues are use-after-free issues. These bugs are can potentially be exploited to allow an attacker to run arbitrary code. Of the remaining three, two are out-of-bounds writes (one in the OGG container and one related to PDF). Again these types of errors are a foothold for a fully working exploit. The last High severity error is an invalid write in v8 regex. In total Google paid out $4000 in bounties to the external security researchers who found these errors.